
Malware inside Angry Planes & Noclip Mod


aboutseven


EddieThePro

 

 

Okay, so this may sound like an incredibly nooby question, but what's stopping us from just deleting everything in 'Temp'? Are things stored in there important? Surely it should be filled with replaceable files seeing as the folder is quite literally named 'Temporary'? I've got around 3GB of stuff inside that folder and wouldn't mind deleting some of it?

 

Sorry if this is f*cking stupid. I'm usually smarter than this, promise :)

Some of the files are used by software/programs that are running :)

 

Cheers, I'll stay safe and avoid it for the time being.

 

Regarding your picture: I think that's fine. Mine consists of 'Administrator - ASPNET - Guest - [My Name]'

 

 

Thanks mate! Really appreciate it! Have a wonderful Sunday!

 


So, I did that net user thing with CMD, and it came up with this. http://sv.tinypic.com/view.php?pic=2nvgkrk&s=8#.VVitRvntnGA

 

Everything is in the picture ;)

:) Don't worry sir, it's okay. The only problem is if there's another name written under your name; the Guest thing is fine :)


The Temp folder is like the Trash of the PC :D Just delete it all :D and delete prefetch files as well :)

Don't worry, deleting Temp does not delete anything important related to your PC files or anything else, so it's alright :)


MarshallRawR


 

Guest is an account you can enable or not if someone wants to use your computer

without a password but with limited privileges. They can't access your files too.


 


Yeah, I eventually established this after a quick Google search... Just threw it all in the Recycling Bin.

 

But thanks! I'd recommend it to anyone who is still wary about the virus and any files they could've missed :)


sir_cormac_thunderguts

Probable security fix in Windows 10 (Correct me if I'm not)

If you have Windows 10 (beta), you shouldn't be affected. I had kept my antivirus and firewall off anyways. Hope this helps :)

 

Here are some images

 

waBhtE6.png

I couldn't find a value in my registry


Zhuocheng Tan


I couldn't find it on 8.1


MarshallRawR

The value in the registry made the virus start up again at each boot.
Better check your temp folders and quarantine to be safe.


Well where were these files downloaded from, who hosted them? It is not that hard to put a name on the coward/thief/imbecile who did this...


bocodamondo

Can anyone help me? I accidentally downloaded the angry plane mod (I don't even own GTA5). When I clicked on it, I was like meh, and just left it there in my Downloads folder as a ZIP file. After I found out about this, I immediately went and deleted the file and cleared my trashcan... Does it install the malware when it's still a ZIP/RAR file?

I tried to scan my PC for a Fade.exe or Init.exe and the only ones with those names I found are a few init files in games like Legend of Korra, DMC4, Resident Evil Revelations, RE6, Bully... but those were all like init.arc or init.bnk... no init.exe

The only "fade" files I found are some fade.nft in Bully... that's it. No Fade.exe

I scanned my Downloads folder with both Avira antivirus and it said it's clean, and I'm currently scanning it with SUPERAntiSpyware and Malwarebytes.

There's also no fade or init in my temp folder.

I really want to know if there's a chance I get the virus without extracting it out of the ZIP/RAR file, so I can go and change all my passwords.


Igor Bogdanoff

Nope, you have to load into the game with an ASI loader and that ASI installed.


MonsieurSamuel


No chance that you're affected. The virus-downloading script is only executed when the .asi file is inside GTA's root folder and you've run the game with the .asi inside. You're fine.


TheMuffinManOP

If you did not unrar it or did not launch GTA 5 you should be OK, since it injected the viruses and malware / keyloggers when you launched GTA 5. Change your passwords and run a few scans with Malwarebytes and an antivirus program, and try TDSSKiller, it scans for rootkits. If you want even more, try programs like AdwCleaner, HitmanPro, RKill and RogueKiller; they are some of the best, I have them all installed. Also, when you launch after the scan it might ask for an email; just put in your email and ignore the email if you do not want offers for the program. Go to " http://www.bleepingcomputer.com/download/windows/" and look at the most downloaded on the left, as most downloaded / recommended programs that I have mentioned are there. Hope this helps :)

P.S. I do not know why the text went white; just click and highlight it and you will see the text (it tells you what programs people recommend)

 

Edited by TheMuffinManOP

bocodamondo

Alright, I scanned my PC with Malwarebytes too and it said it's clean from any init or fade exe.


handoverfist


Which file?

Also if it re-downloaded that means you didn't clean it out well enough.


MarshallRawR


That was set to Fade.exe.

Even if the registry was not infected, the initial run of Fade.exe might have happened.

 

 

 

Hello there I was wondering if someone could help me. Can you test and see if this link is safe to download? Are there any viruses, malware or anything bad in there?

 

Thanks :D

 

This is a hack for GTA Online which is not allowed here.

Reported to remove the link, be careful next time or you might get a sanction from mods.

Also, it'll get you banned anyway.

Edited by MarshallRawR

sh*t sorry I didn't realize


TheMuffinManOP

For some random reason silent wants me to post here, so no one will see this post, but I will do as he said (post): Hey guys, I removed everything such as shell in the regedit and all the files and stuff. I went as far as to reinstall GTA 5, but I found a shell folder in regedit and deleted it. I also found a file called "*" (yes, a *), but I think I went too far, as after doing some research this was added by Windows. I have backups and restore points so it is nothing huge, and I really want to reinstall Windows, but I really do not want to start again after having this PC like 10 months, but I am only 50% sure I am safe. I have changed most important passwords such as YouTube, Twitch, Facebook, PayPal and Rockstar, Steam and the rest, but I reinstalled GTA 5 and it launched in windowed mode, which was strange. I wish I checked my processes but I can't remember doing so, but the fade folder in regedit so I deleted it again and rebooted 2 times and it has not returned. For the people saying about the "leep" and "fade" in the regedit: I only installed the noclip mod and it seems the files were added on the same date as everyone else, "5/5/2015", on the 5 of May, which seems weird, and I only had fade and no leep, which people said "leep" was part of the noclip mod. Let me know where to look for this "leep" sh*t too please, thanks :)

Extra stuff: The real kicker is that I wanted to start GTA modding in GTA 5, and I started, then I heard the news about all this f*ckery with the malware. This really will hit the community hard, since I am not even going to download a mod until it has been like 110% confirmed to be real by tons of people and YouTubers. As such, Rockstar should touch on it; even though they do not really approve of modding in GTA 5, it should be talked about. Won't be surprised if Rockstar said "I told you so". I still think there is that 1 person out there that has not heard the news, and I have been in contact with Malwarebytes since it did not detect it. I just hope this comes to light even more than it has.


As I know there were different noclip mods, so it should be that some mods had leep and others had fade. In my case I just got fade from noclip mod.


If folks are still worried about what is lurking in your autorun, download this sysinternals tool:

 

https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

 

bb963902.autoruns_v13(en-us,MSDN.10).png

 

It will enumerate all of the items that will start with Windows.

 

Process Explorer and TCPView are also good tools to see if there is still suspicious activity going on.


What do red and yellow highlights mean?


 

 

Red: unsigned image (not signed by any recognized authority - if any)

Yellow: missing image (the file the entry is pointing to is missing from the filesystem)

Edited by ffzero58
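
An added example, not part of any post in this thread: a read-only PowerShell check of autostart entries in the spirit of the Autoruns advice above, applying the "missing" and "unsigned" meanings given for the yellow and red highlights. The thread never names the registry key that held the Fade.exe value, so the list of keys is an assumption (the standard Run/RunOnce locations); the file names are the ones reported in the thread.

```powershell
# Added example: read-only listing of Run/RunOnce autostart values with simple flags.
# Assumption: the thread never names the registry key that held the Fade.exe value,
# so only the standard per-user and machine-wide Run/RunOnce keys are checked.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$namesFromThread = @('Fade.exe', 'Init.exe')   # file names reported in this thread
$tempRoots = @($env:TEMP, "$env:SystemRoot\Temp") | Where-Object { $_ }

function Get-TargetPath([string]$Command) {
    # Extract the executable from a command line, quoted or not, with or without arguments.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { $path = $Matches[1] }
    elseif ($c -match '^(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { $path = $Matches[1] }
    else { $path = ($c -split '\s+')[0] }
    # Bare names such as "rundll32.exe" are resolved through PATH so they are not reported missing.
    if ($path -notmatch '^([A-Za-z]:\\|\\\\)') {
        $app = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($app) { $path = $app.Path }
    }
    return $path
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($valueName)
        if (-not $command) { continue }
        $target = Get-TargetPath $command
        $flags = @()
        if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
            $flags += 'file missing'            # Autoruns shows these in yellow
        } elseif ((Get-AuthenticodeSignature -FilePath $target).Status -ne 'Valid') {
            $flags += 'no valid signature'      # Autoruns shows unsigned images in red
        }
        foreach ($root in $tempRoots) {
            if ($target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                $flags += 'runs from Temp'
            }
        }
        if ($namesFromThread -contains (Split-Path -Path $target -Leaf)) {
            $flags += 'name reported in thread'
        }
        [pscustomobject]@{
            Key = $key; Value = $valueName; Target = $target; Flags = ($flags -join ', ')
        }
    }
}

# Flagged entries first; a flag is a reason to look closer, not proof of infection.
$results | Sort-Object { -not $_.Flags } | Format-Table -AutoSize -Wrap
```

Run/RunOnce values are only a subset of what Autoruns enumerates (services, scheduled tasks, shell extensions and more), so a clean result here does not replace the full Autoruns listing.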

TheMuffinManOP

 


Well, I just had fade too. Man, that sucks. I didn't even use noclip, only the occasional looking behind a wall for like an easter egg. Oh well, thanks for the reply :)


I recommend more programs since Malwarebytes didn't detect it. All it did is detect a "hijack.shallA.gen" and another one. I knew about this before this thing even happened; I even uninstalled GTA 5 before this happened because I knew it was GTA 5 doing it, since every time I run it it would be detected by Malwarebytes, but it did not completely remove it. PLEASE go through the step by step removal guide in this main post and go here: http://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/ to remove ALL malware from your PC. Thanks :)


So I'm going through the basics of IDA and the relevant tutorials on YouTube. In one of them, it says that you can see the imports and what they use, like networking.

 

Now I have no idea what ASI files need or how they work when they download viruses. But did Angry Planes mod need that import and would it show up on IDA?


Did it affect Windows 8.1 users?

 

I can't find any of the exe files. But I did find one .z file in temp that appeared to be unnamed and had a winrar icon.


MarshallRawR


Of course it affected 8.1 users, pretty much any PC running GTAV with the mod.

Look at your antivirus's quarantine, it might be there already. Also, check the registry. Good luck, pal.


Is it possible it stole files, and is it possible it copied to other hard drives and infected those .exe files?


Yes. The virus stole session/saved passwords of social media sites, steam, etc... It also logged your keystrokes and did all sorts of debauchery on your system. As for your latter question, it does not look like that is the case. Even so, look through your autoruns to see if you have any suspicious entries.


This topic is now closed to further replies.